2016-06-20

Perfection or bust - the rise and fall of The DAO

Full disclosure - I own some ether and I have put some of it into The DAO presale. I don't think it coloured my view of the situation, but I feel it's better to be open about such things.

The DAO has made a lot of waves recently. First - last month when it became the largest crowdfunding project in history, at one point surpassing Star Citizen's 116M USD (although it might be partially due to ETH exchange rate fluctuations). Second time - earlier this week when the DAO was hacked. So lets start from the beginning and have a look at the rise and fall of The DAO.

DAOs, in general


DAO, or Decentralised Autonomous Organisations have been a fairly nebulous concept in the crypto space for awhile. They basically are computer programs that run as an organisation, using its code as law. They can hold digital assets and money that can be spend on various projects, services and other digital assets.

Some have proposed to use DAOs to create a rudimentary self-sustaining decentralised organisations. Such programs would actually use their resources to hire people to improve them. I've heard this concept described first during the 2013's Money2020 Ripple conference, and I would consider BitShares to be one of the first self-sustaining DAOs.

Of course, with the current level of cryptocurrency technology, the DAOs are very limited in scope. They can't be as sophisticated as modern AI running on supercomputers, and since code isn't lawfully binding - the various DAOs have to rely on humans to interface with the outside world.

In theory, DAOs could create a lot new jobs. As @aantonop put it though:

TheDAO will create many jobs. First for people like me who have to explain what the hell it is.

The DAO


The DAO (holding a very generic "temporary name", which it probably won't escape from), created by Christoph Jentzsch, the founder of Slock.it, was set out to be one of such self-sustaining DAOs. It was set up to be a quasi-venture-capitalist-fund. As with many token crowdsales, it was skirting the borders of the law - allowing anyone to invest, not doing any KYC, promising "benefits to the DAO Token Holders", without outright selling securities.

The project had support from a number of high-profile members of the Ethereum Foundation

The DAO started operations by selling its tokens for ETH. The promise was that later the ETH would be used to fund various projects and try to extract value from those projects to the DAO itself. The DAO also had a mechanism to upgrade itself to newer versions of the code. The entire process of both spending money and code upgrade would be governed by the token holders voting. Every vote would be proportional to the amount of tokens held.

By the end of the crowdsale, The DAO has raised 8.26M ETH, more than 10% of the total coin supply.

In theory, The DAO could've been a very strong player in the crypto space. Even if it would spend 10% of its funds just funding early stages companies, it could give out 100k USD to 100 different companies and probably have great ROI by the end.

However, there was a bug in the code...

The exploit


Around 2016-06-17, news broke that The DAO's balance was being drained. Quickly there was a call to all exchanges to stop trading the tokens and Ethers while the situation is being resolved.

As it turns out, The DAO had a small bug in it (discussion, technical overview). They managed to make a recursive call to a function and use that exploit to start draining The DAO of its ETH. Before the attack stopped, 3.6M ETH was extracted, worth about 50M USD give or take 20M due to wild price fluctuations.

The attack stopped around the time Vitalik released a blog post about how Ethereum will be handling the exploit. In the end it was decided that Ethereum will not roll back, instead creating a soft fork preventing the drained ETHs from being spent. The coins would also apparently be reimbursed and everyone that put their money into The DAO would be getting it back.

The following day, we actually got a statement from "The Attacker" about the issue, claiming that the draining of ETH was legal and in accordance to The DAO's rules ("code is law", therefore any execution of the code is always as intended). The Attacker also threatens legal action against any attempt to freeze the drained ETH. If such a case ever made it into a court, it would probably be the most important precedent for the future of decentralised organisations as a whole. Only time will tell where the story goes.

Other criticism


If The DAO has not been taken down by this exploit, it is entirely possible we might've seen a lot of other problems crop up in the future. Here are just some of the possible issues and other ideas that would need to be considered.

Setting a precedent for Ethereum. The way Ethereum handles this exploit may affect how similar future problems would have to be addressed. If they go through with the blacklisting, they might be required by law or asked by the community to do the same in the future for a lot of other things. This can open up a big can of worms. However, if they don't, then they might scare off any other similar projects from using the platform, along with some of their users. Damned if you do, damned if you don't.

Voter apathy. If The DAO would have a large amount of users sitting idly on their tokens rather than voting with their money, the software might have problems reaching the needed quorum to do anything. Apparently in Bitshares, only about 10% of stakeholders participate in voting. Perhaps switching to a Delegated Voting model might help alleviate the issue.

Unexplored legal area. The DAO seems to have aimed to exist in an unexplored legal area. It operates like a security or a venture fund without doing the due diligence. It technically cannot be sued, but people that put money into it might face legal repercussions. All in all, it probably would give any lawyer and government official a headache to try framing it in the existing rule of law.

Lack of KYC. While a lot of people in the crypto community want the government and regulations as far from their projects as possible, some oversight might deter attackers. If every investor in The DAO would be vetted by KYC first, and if only vetted individuals could hold the tokens, anyone attacking The DAO would have to be prepared to get sued and criminally charged for their actions. Right now the best we've got is to try tracing the ETHs they owned back to an exchange and possibly investigate some Ethreum / DAO short calls someone might have set up before the attack (similarly to the idea of "terrorist insider trading").

Rushed deployment. After The DAO has been released, there have been some concerns from people that the code should've been tested and vetted more to iron out any bugs. A code that holds so much money is a gold-filled pinata for any and every hacker that might try to break it 24/7. Some attack vectors have been published before the attack (description and mitigation). Since the contract is vulnerable right after it's released, rushing a release is not wise.

Any bug needs to be fixed immediately. With a smart contract running on a decentralised network, it is vulnerable to exploits all the time. Any new bug that is found needs to be fixed right away, especially if it is described publicly. With more centralised software, you can at least shut everything down until the bug is fixed, but such luxury would be harder to implement in a DAO.

One mistake and your money is gone. While this one applies to most cryptocurrencies, it also bears mentioning - any bug in the code that breaks the smart contract that holds actual money (in this case, ETH) can cost you everything. If you deploy such a piece of code and send money to it, it is gone and you won't be able to get it back.

There are no rollbacks with real coins. While any contract that issues and deals only in its own tokens can be rolled back to any point in time with a patched contract, the matter is not as simple when we're dealing with actual coins (in this case, ETH). As the native coins exist outside of the contract's controls, using such contracts to manage the coins is more dangerous than just dealing in tokens.

Putting all eggs in one basket. A contract holding over 100M USD is a disaster waiting to happen. At the very least some of that money should've been put in some deep cold storage until it is needed. Enter into some legally binding contract with 50 people if you need to to provide some multisig and keep the funds safe. It's like putting all of your coins into a hot wallet - you shouldn't do that.

Paradox of presales. Even if The DAO would function correctly, it might be a hard value proposition, similar to most other ITOs (Initial Token Offering). Unless you are an actual security / fund and building projects that funnel their earnings into the organisation, the projects that benefit The DAO holders rather than Ethereum as a whole might be inferior to the general use case. There is a lot that the Ethereum platform and anything on it could benefit from, but tying them into one smart contract might defeat the purpose. Since many DAOs want to avoid being labelled as a security, we might just get some weird projects in the end.

Relation to other projects


A few people have started comparing this bug to a few other things in the cryptocurrency space. Perhaps it is important to have a look at them and figure out how similar they are.

In the early days of Bitcoin, in mid-2010, someone found a way to create 184'467'440'737.09551616 BTC (almost 10k times more coins than would ever exist) out of thin air in a so called "Value overflow incident". The bug was fixed and the network was rolled back. The bug is similar - use an unexpected way the code works to get access to more tokens than one should be able to. However, this situation is different as it breaks the core functionality of the entire network, rather than a sub-part of it that is not governed by the protocol. Rolling back the network to before the bug was introduced is entirely justified - it is something that shouldn't have happened. With The DAO, the situation is a bit different - the core network functioned as intended, it is the final product that was at fault.

Another incident similar to this was the fall of MtGox allegedly caused by Transaction Malleability, and the attack on JustCoin with Ripple's Partial Payment Flag. In both cases, the software creators did not anticipate an obscure network behaviour that lead to their downfall. In neither cases did the network got rolled back - it functioned as intended, and to my knowledge neither of those companies got bailed out for the bugs in their code. This would probably be the closest analogy.

The decision to bail the contract out and refund the drained ETH might be either seen as the Ethereum Foundation trying to mitigate the damage to the network's reputation, or it might be due to many of the Foundation members lending their credibility to the project itself. One way or the other, I doubt we would see many similar DAOs in the future with such lineup of big name supporters to mitigate any similar damage in the future.

What is also worth noting is that because of Bitcoin's success, a lot of the cryptocurrency projects may "suffer" from an accelerated growth. There have been many incidents in the earlier days of Bitcoin of people losing their money and it wasn't that big of a deal - the coins were worth only so much. However, with networks such as Ethereum being worth a billion dollars less than a year after release, you have similar high profile bugs, but the coins themselves are worth a lot more a lot quicker. Perhaps we should try stalling the gold rush until a project has been vetted by early adopters hammering out all of the kinks and best practices? It's probably not going to happen unfortunately...

Lastly, if the Tau developers want to brag about how their platform is / will be much better than Ethereum since such bugs can't happen there, it is your time to prove yourself - deliver us your implementation of The DAO in a language of your choice so we can pick it apart and see if it breaks.

Conclusions


The DAO has been an interesting ride. It allowed the ETH to double in value and crash back down. A project of this scope if executed correctly would certainly be a game changer for any cryptocurrency network. Unfortunately, as many have made this joke before, it seems The DAO was DOA (dead on arrival). With DAOs, it's perfection or bust.

Spells of Genesis card for The DAO, reading
"Holding so much energy, the Colossus is able to withstand all threats"...

How Bitcoiners see the situation

No comments:

Post a Comment